Ufw: Blocking sites that access /.env

Posted at 2025-04-18

The Nginx server's error log, /var/log/nginx/error.log, contained entries recording errors for requests to /.env.
This is a way to block the clients making those requests.

Building the commands from error.log

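# Collect the error.log lines that mention /.env (-F: match the dot literally)
grep -F "/.env" error.log > tmp01
wc tmp01
# Take the text after "client:" and keep its first field (the client address)
awk -Fclient: '{print $2}' tmp01 > tmp02
awk '{print $1}' tmp02 | sort -u > tmp03
# Reduce each address to its first two octets
awk -F. '{print $1,$2}' tmp03 | sort -u > tmp04
wc tmp04
# Drop IPv6 addresses (anything containing ":")
awk '!/:/{print $0}' tmp04 > tmp05
wc tmp05
# Write one ufw deny command per /16 network
awk '{print "sudo ufw deny from ",$1"."$2".0.0/16"}' tmp05 > go_deny.sh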

The generated commands

go_deny.sh
sudo ufw deny from  103.145.0.0/16
sudo ufw deny from  108.60.0.0/16
sudo ufw deny from  137.184.0.0/16
sudo ufw deny from  138.197.0.0/16
sudo ufw deny from  138.68.0.0/16
sudo ufw deny from  143.244.0.0/16
sudo ufw deny from  154.83.0.0/16
sudo ufw deny from  157.245.0.0/16
sudo ufw deny from  159.203.0.0/16
sudo ufw deny from  159.65.0.0/16
sudo ufw deny from  165.22.0.0/16
sudo ufw deny from  165.227.0.0/16
sudo ufw deny from  170.39.0.0/16
sudo ufw deny from  176.65.0.0/16
sudo ufw deny from  178.128.0.0/16
sudo ufw deny from  191.96.0.0/16
sudo ufw deny from  195.178.0.0/16
sudo ufw deny from  195.211.0.0/16
sudo ufw deny from  196.251.0.0/16
sudo ufw deny from  206.189.0.0/16
sudo ufw deny from  206.81.0.0/16
sudo ufw deny from  207.154.0.0/16
sudo ufw deny from  209.38.0.0/16
sudo ufw deny from  213.232.0.0/16
sudo ufw deny from  216.225.0.0/16
sudo ufw deny from  35.216.0.0/16
sudo ufw deny from  4.251.0.0/16
sudo ufw deny from  45.135.0.0/16
sudo ufw deny from  45.148.0.0/16
sudo ufw deny from  46.101.0.0/16
sudo ufw deny from  51.89.0.0/16
sudo ufw deny from  62.4.0.0/16
sudo ufw deny from  70.39.0.0/16
sudo ufw deny from  82.197.0.0/16
sudo ufw deny from  93.123.0.0/16

Run the generated commands

Checking the status

$ sudo ufw status numbered
(omitted)
[18] Anywhere                   DENY IN     103.145.0.0/16            
[19] Anywhere                   DENY IN     108.60.0.0/16             
[20] Anywhere                   DENY IN     137.184.0.0/16            
[21] Anywhere                   DENY IN     138.197.0.0/16            
[22] Anywhere                   DENY IN     138.68.0.0/16             
[23] Anywhere                   DENY IN     143.244.0.0/16            
[24] Anywhere                   DENY IN     154.83.0.0/16             
[25] Anywhere                   DENY IN     157.245.0.0/16            
[26] Anywhere                   DENY IN     159.203.0.0/16            
[27] Anywhere                   DENY IN     159.65.0.0/16             
[28] Anywhere                   DENY IN     165.22.0.0/16             
[29] Anywhere                   DENY IN     165.227.0.0/16
(omitted)

Reference

How to allow http and https connections

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
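
An added example (not the article's own code) that folds the pipeline above into one function: it counts /.env hits per IPv4 client and prints, without running them, deny commands for a /16, /24 or /32 network. It emits `ufw insert 1` because ufw applies the first matching rule, so a deny appended after an existing `allow 80/tcp` never matches web traffic; the `sample_log` lines, the hit threshold and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not the article's code. Prints ufw commands; runs none of them.
# Assumed: nginx error.log lines carry "client: <IPv4>,". The MIN_HITS threshold
# and the /24 and /32 options are choices made for this example.

# Constructed sample lines (documentation address ranges, made-up timestamps).
sample_log() {
cat <<'EOF'
2025/04/17 03:12:45 [error] 1234#1234: *1 open() "/var/www/html/.env" failed (2: No such file or directory), client: 203.0.113.7, server: example.com, request: "GET /.env HTTP/1.1", host: "example.com"
2025/04/17 03:12:46 [error] 1234#1234: *2 open() "/var/www/html/.env" failed (2: No such file or directory), client: 203.0.113.7, server: example.com, request: "GET /.env HTTP/1.1", host: "example.com"
2025/04/17 04:01:10 [error] 1234#1234: *3 open() "/var/www/html/.env" failed (2: No such file or directory), client: 203.0.113.99, server: example.com, request: "GET /.env HTTP/1.1", host: "example.com"
2025/04/17 05:30:02 [error] 1234#1234: *4 open() "/var/www/html/.env" failed (2: No such file or directory), client: 198.51.100.23, server: example.com, request: "GET /.env HTTP/1.1", host: "example.com"
2025/04/17 06:44:51 [error] 1234#1234: *5 open() "/var/www/html/.env" failed (2: No such file or directory), client: 2001:db8::1, server: example.com, request: "GET /.env HTTP/1.1", host: "example.com"
2025/04/17 07:15:33 [error] 1234#1234: *6 open() "/var/www/html/favicon.ico" failed (2: No such file or directory), client: 192.0.2.5, server: example.com, request: "GET /favicon.ico HTTP/1.1", host: "example.com"
EOF
}

# gen_deny [MIN_HITS] [PREFIX]
# Reads an nginx error.log on stdin. PREFIX is 16 (as in the article), 24 or 32.
# A network is listed only if it produced at least MIN_HITS /.env log lines.
gen_deny() {
  min=${1:-1}
  prefix=${2:-16}
  grep -F '/.env' | awk -v min="$min" -v prefix="$prefix" '
    # Only IPv4 clients match; IPv6 clients are skipped, as in the article.
    match($0, /client: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) {
      ip = substr($0, RSTART + 8, RLENGTH - 8)   # strip the "client: " label
      split(ip, o, ".")
      if (prefix == 16)      net = o[1] "." o[2] ".0.0/16"
      else if (prefix == 24) net = o[1] "." o[2] "." o[3] ".0/24"
      else                   net = ip "/32"
      hits[net]++
    }
    END {
      for (n in hits)
        if (hits[n] >= min)
          print "sudo ufw insert 1 deny from " n   # place ahead of allow rules
    }
  ' | sort
}

# Sample run: /24 networks with two or more hits.
sample_log | gen_deny 2 24   # prints: sudo ufw insert 1 deny from 203.0.113.0/24
```

Against the real log, `gen_deny 3 24 < /var/log/nginx/error.log > go_deny.sh` writes the commands to a file that can be reviewed before it is run. A /16 covers 65,536 addresses, so a narrower prefix with a hit threshold blocks far fewer unrelated clients of the same hosting provider.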